security in the electronic universe major trends helmut leopold head of digital safety &...
TRANSCRIPT
Security in the Electronic UniverseMajor Trends
Helmut LeopoldHead of Digital Safety & Security Department
AIT Austrian Institute of Technology
Dagstuhl,
April 15-17 2015
Dagstuhl Seminar 2015 on Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations
Cyber Security - Overview
ICT Trends in the „after-broadband century”
The Security problem
The Shift in user behavior
The IT industry problem
2
The „after-broadband“ ICT Trend – M2M Communication
Connected Utility
Intelligent energy production,distribution and use - renewable energy – smart grid
Ernergy management at home- smart home New energy storage (PHEV)
ConnectedPatients
Closed loop healthcare - Telemedicine for new widespread diseases – diabetes, cardic insufficiency, overweight
Prevention and care; Lifestyle management
Industry 4.0 Sensor networks for production Environmental sensors Smart cameras for public security
Connected Cars
60% of all innovation by electronics Intelligent traffic-control saves more CO2 as
estimated e-vehicle-fleet in 2030
Smart City
Environmental sensors Smart cameras for public security Citicen information systems eGovernment
ICT Trends result in complexity & impact
The complexity of ICT systems is increasing Landing on the moon with 7.500 Lines of Code Today: F-35 fighter jet: 5,7 Mio; Boeing 787: 6,5 Mio;
Mercedes S-Class: 20 Mio; Chevrolet Volt: 100 Mio.
Systems are getting more and more interconnected M2M Communication, Internet-of-Things (IoT), Always-On Systems of Systems Virtual Infrastructures (Cloud)
Industry trend towards open network architectures Open protocols (IP), industry standards Increased number of „third parties“
The dependency on ICT systems is increasing Smart Grid, Smart Home, Smart City, eGovernment, eCommerce, eHealth, eMobility, …critical infrastructure
421.04.23
Increased
Number of
VulnerabilitiesIncreased
Number of
Vulnerabilities
Increased
RiskIncreased
Risk
Increased
ImpactIncreased
Impact
Cascade
EffectsCascade
Effects
Emerging Communication Technology (1)Future Wireless Communication Systems
5
<2014: 2G, 3G, 4G, WLAN, …
always-onbroadbanddesigned for human-to-human or human-to-machine communications
>2020: Ultra-reliable wireless M2M communications (5G)
monitoring and control applicationslow-latency links (< 1ms)massive number of concurrent M2M linkscoordinated local and cellular com. systemsmove to mm-Wave frequencies > 30 GHz
Source: G. Fettweis, S. Alamouti, “5G: Personal mobile internet beyond what cellular did to telephony,” IEEE Commun. Mag., Feb. 2014.
6
Forecast
Decision Support System
Luft Verkehr WasserAirAir TrafficTraffic IndustryIndustry
Monitoring systems
Fusion of different sensor data
Velocity: real-time data generation
Veracity: data in doubt all sensor data have an uncertainty
how do we model/describe the behavior of people (social media)
Variety: Data sources are changing
Combination of real-time data with historical data
Modelling and Simulation
Emerging Communication Technology (2)Sensor Networks - Challenges
7
0
200
400
600
800
1000
1200
1400
1600
1800
2000
2005 2006 2007 2008 2009 2010 2011 2012
Exa
byt
es
Year
Digital Information Created, Captured, and Replicated Worldwide
Source: AIT Research, “The Diverse and Exploding Digital Universe” IDC White Paper, March 2008http://www.emc.com/collateral/analyst-reports/diverse-exploding-digital-universe.pdf
21.04.23
World-wide we produce more data than HW-Storage space is available!
World-wide we produce more data than HW-Storage space is available!
Knowledge can only be stored for a limited period of time - in 5 to 7 years the majority of today‘s data
will get lost.
Knowledge can only be stored for a limited period of time - in 5 to 7 years the majority of today‘s data
will get lost.
Which functions should be implemented in future networks, in order to enable next gen content management and application support? How do we store and retrieve the enormous amount
of data ? How to scale? How to automate? Next Gen Content Management
Research at AIT
BRITISHLIBRARY Source: digitalbevaring.dk
Multimedia Content: DataTextAudioImagesVideo
Emerging Communication Technology (3)Broadband Multimedia
Overview
ICT Trends in the „after-broadband century”
The Security Problem
The Shift in user behavior
The IT industry problem
8
Cyber Security – The Problem Statement
Increased system complexity decreased system understanding
Increased system complexity decreased system understanding
9
Increased use of ICT & networking dependability THE critical infrastructure
Increased use of ICT & networking dependability THE critical infrastructure
Cars EnergyPatient Home
Connected Connected EnvironmentMillennials
???„Classical security protection is dead“ 06.05.2014, DiePresse.com
Symantec/Norton
„Classical security protection is dead“ 06.05.2014, DiePresse.com
Symantec/Norton
50% of security breaches are supported by user interactions
The Cyber Security Problem is …
Source: Microsoft Security Intelligence Report 2011, Daten aus 1. HJ. 2011, http://www.microsoft.com/security/sir/default.aspx
A young discipline
Overview
ICT Trends in the „after-broadband century”
The Security problem
The Shift in user behavior
The IT industry problem
11
The Shift in User Behavior
1221.04.23
interdependency
Technology Society
(1) „The Generation Shift“
1321.04.23
Boomers … Technology to “re-invent his personality” Brought technology from the office to home
X-Generation … generation in contradiction Millennials …
PC, Internet and Mobile phones to network bring technologies from home to work
From the „Information society“ to the „networked society“.
Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.com
(2) „The Identity Shift“ – the 3 “Ps”
1421.04.23
By using new ICT technology , we change our behavior and usage patterns.
Source: Wikipedia
Source: Alison Cerra „The Shift Digest“, Alcatel Lucent Study, 2012, www.theshiftonline.com
Presentation seekers
Protection seekers
Preference seekers
Image of an individual within the society
How a person sees the privacy
On which information we base our decisions (to select products and friends)
(3) „The Content Shift“
1521.04.23
Democratisation of tools and production Easy consumption: lower cost, Internet, Tablet PCs, smart phones Connection of producer and customer on a flat market
Within a month there are more videos uploaded on to Youtube than from 3 US TV stations in 60 years
Source: Chris Anderson, „The Long Tail“, http://www.changethis.com/10.LongTail („in Wired 2004“), AIT Research,
A new ecosystem for content production and consumation – „Long Tail“
eGovernment, eHealth, eEnvironment,
social media@work
Connected TV Social TV Mobile TV Personal TV
(4) „The Cloud Shift“
1621.04.23
„Our head is in the cloud“
Source: Wikipedia
Data storage and processing are becoming virtual
“bring our own device“ – “data are ubiquitous in location and time”
“Outsourcing from information change our behavior”
Source: TIME Magazine, March 2012, AIT Research
„Digital Dementia“
Overview
ICT Trends in the „after-broadband century”
The Security problem
The Shift in user behavior
The IT industry problem
17
Next Generation Cyber Security
CAIS Cyber Attack Information System Recognizing the „unknown“ Information Sharing – CIIS Mitigation actions
Encryption - unbreakable keys Smart approaches without keys – Secret
Sharing07.02.2011
TrustSecurity
18
Governance Assurance
Risk Management
Top Management Visibility & Control
Start
Information Security
GovernanceLack of visibility of security status,
resources deployed, and overall
performance of programs
Why is information security important
to our organization?
Are we “secure”?
Cyber Security - Top Management Challenge
Loose scope definition of
information security activities creating conflict between
managers
Information security capabilities not linked to strategic business
objectives
Units not properly staffed or lack of qualified/trained
personnel on information security
topics
19Source: AIT research, Booz & Co
Not IT cost cutting but outcome based IT business
CIO roles in organization is
changing
CEOs try to solve the security problem with
yesterday´s logic (proprietary systems)
Application designers are the
new system experts
IT experts try to protect their
system expertise
Cyber Security vs. increase the productivity in firms
Technology change cycles are increasing ICT Systems complexity is increasing Potential security problems become
evident
Decreasing of IT-complexity by virtualization of ICT Services (Cloud Computing)
No harmonized governance frameworks in the different countries and markets Globalization of ICT-Service offerings
(economy of scale and scope) Privacy Data protection
20
Management tend to “protect” their systems public – private cloud no “connection” to the internet proprietary systems
Application designers are the new system experts Based on external IT-Services
(Cloud)
Change of the CIO role in companies Data Scientists, etc. more systems knowledge
Decreasing IT personnel resources Decreasing IT investments
Thank you for listening!
Helmut LeopoldHead of Digital Safety & Security [email protected]
AIT Austrian Institute of TechnologyDigital Safety & Security Department
An idea is not a single thing.
The trick to having good ideas is not to sit around in glorious isolation and try to think big thoughts. The trick
is to get more parts on the table, which enable us to combine and bring different parts together.
A good idea is a network - it is all about bringing
people and ideas together .....
Steve Johnson, „Where do innovation or good ideas come from?”, 2010
21